aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2008-09-13ata: duplicate variable sparse warningStephen Hemminger
drivers/ata/ata_piix.c:1502:7: warning: symbol 'rc' shadows an earlier one Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-09-11Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-blockLinus Torvalds
* 'for-linus' of git://git.kernel.dk/linux-2.6-block: sg: disable interrupts inside sg_copy_buffer
2008-09-11MN10300: Change the fault handler to check in_atomic() not in_interrupt()David Howells
Change the MN10300 fault handler to make it check in_atomic() rather than in_interrupt() as commit 6edaf68a87d17570790fd55f0c451a29ec1d6703 did for other architectures: Author: Peter Zijlstra <a.p.zijlstra@chello.nl> Date: Wed Dec 6 20:32:18 2006 -0800 [PATCH] mm: arch do_page_fault() vs in_atomic() In light of the recent pagefault and filemap_copy_from_user work I've gone through all the arch pagefault handlers to make sure the inc_preempt_count() 'feature' works as expected. Several sections of code (including the new filemap_copy_from_user) rely on the fact that faults do not take locks under increased preempt count. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-09-11sg: disable interrupts inside sg_copy_bufferFUJITA Tomonori
The callers of sg_copy_buffer must disable interrupts before calling it (since it uses kmap_atomic). Some callers use it on interrupt-disabled code but some need to take the trouble to disable interrupts just for this. No wonder they forget about it and we hit a bug like: http://bugzilla.kernel.org/show_bug.cgi?id=11529 James said that it might be better to disable interrupts inside the function rather than risk the callers getting it wrong. Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
2008-09-11Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-blockLinus Torvalds
* 'for-linus' of git://git.kernel.dk/linux-2.6-block: block: disable sysfs parts of the disk command filter
2008-09-11Merge branch 'kvm-updates/2.6.27' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/avi/kvm * 'kvm-updates/2.6.27' of git://git.kernel.org/pub/scm/linux/kernel/git/avi/kvm: KVM: VMX: Always return old for clear_flush_young() when using EPT KVM: SVM: fix guest global tlb flushes with NPT KVM: SVM: fix random segfaults with NPT enabled
2008-09-11Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6Linus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6: [SCSI] fix check of PQ and PDT bits for WLUNs [SCSI] make scsi_check_sense HARDWARE_ERROR return ADD_TO_MLQUEUE on retry [SCSI] scsi_dh: make check_sense return ADD_TO_MLQUEUE [SCSI] zfcp: Remove duplicated unlikely() macros. [SCSI] zfcp: channel cannot be detached due to refcount imbalance [SCSI] zfcp: Fix reference counter for remote ports [SCSI] zfcp: Simplify ccw notify handler [SCSI] zfcp: Correctly query end flag in gpn_ft response [SCSI] zfcp: Fix request queue locking [SCSI] sd: select CRC_T10DIF only when necessary
2008-09-11Merge branch 'release' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6 * 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6: [IA64] prevent ia64 from invoking irq handlers on offline CPUs [IA64] arch/ia64/sn/pci/tioca_provider.c: introduce missing kfree [IA64] fix up bte.h [IA64] fix compile failure with non modular builds
2008-09-11Merge branch 'for_linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-udf-2.6 * 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-udf-2.6: udf: add llseek method udf: Fix error paths in udf_new_inode() udf: Fix lock inversion between iprune_mutex and alloc_mutex (v2)
2008-09-11block: disable sysfs parts of the disk command filterJens Axboe
We still have life time issues with the sysfs command filter kobject, so disable it for 2.6.27 release. We can revisit this and make it work properly for 2.6.28, for 2.6.27 release it's too risky. Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
2008-09-11KVM: VMX: Always return old for clear_flush_young() when using EPTSheng Yang
As well as discard fake accessed bit and dirty bit of EPT. Signed-off-by: Sheng Yang <sheng.yang@intel.com> Signed-off-by: Avi Kivity <avi@qumranet.com>
2008-09-11KVM: SVM: fix guest global tlb flushes with NPTJoerg Roedel
Accesses to CR4 are intercepted even with Nested Paging enabled. But the code does not check if the guest wants to do a global TLB flush. So this flush gets lost. This patch adds the check and the flush to svm_set_cr4. Signed-off-by: Joerg Roedel <joerg.roedel@amd.com> Signed-off-by: Avi Kivity <avi@qumranet.com>
2008-09-11KVM: SVM: fix random segfaults with NPT enabledJoerg Roedel
This patch introduces a guest TLB flush on every NPF exit in KVM. This fixes random segfaults and #UD exceptions in the guest seen under some workloads (e.g. long running compile workloads or tbench). A kernbench run with and without that fix showed that it has a slowdown lower than 0.5% Cc: stable@kernel.org Signed-off-by: Joerg Roedel <joerg.roedel@amd.com> Signed-off-by: Alexander Graf <agraf@suse.de> Signed-off-by: Avi Kivity <avi@qumranet.com>
2008-09-10Merge git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6Linus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6: add deprecated ide-scsi to feature-removal-schedule.txt ide: Fix pointer arithmetic in hpt3xx driver code (3rd try)
2008-09-10m68k: Update defconfigs for 2.6.27-rc6Geert Uytterhoeven
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-09-10VIDEO_SH_MOBILE_CEU should depend on HAS_DMAGeert Uytterhoeven
commit 0d3244d6439c8c31d2a29efd587c7aca9042c8aa ("V4L/DVB (8342): sh_mobile_ceu_camera: Add SuperH Mobile CEU driver V3") introduced VIDEO_SH_MOBILE_CEU, which selects VIDEOBUF_DMA_CONTIG. This circumvents the dependency on HAS_DMA of VIDEOBUF_DMA_CONTIG. Add a dependency on HAS_DMA to VIDEO_SH_MOBILE_CEU to fix this. Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Acked-by: Paul Mundt <lethal@linux-sh.org> Acked-by: Magnus Damm <damm@igel.co.jp> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-09-10swiotlb: fix back-off path when memory allocation failsDaniel J Blueman
This fixes a SWIOTLB oops With SWIOTLB being enabled and straight-forward page allocation failure [1], the swiotlb_alloc_coherent fall-back path hits an issue [2], resulting in my webcam failing to work. At the time of oops, RDI is clearly a pointer to a structure which has arrived as NULL, leading to the typo in swiotlb_map_single's callsite arguments. Correctly passing the device structure [3] addresses the issue and gets my webcam working again (the allocation failure still occuring). --- [1] skype: page allocation failure. order:3, mode:0x1 Pid: 5895, comm: skype Not tainted 2.6.27-rc6-235c-debug #1 Call Trace: [<ffffffff802b7cf0>] __alloc_pages_internal+0x4a0/0x5d0 [<ffffffff802d5ddd>] alloc_pages_current+0xad/0x110 [<ffffffff802b4ccd>] __get_free_pages+0x1d/0x60 [<ffffffff8046cd39>] swiotlb_alloc_coherent+0x49/0x180 [<ffffffff80212731>] dma_alloc_coherent+0x281/0x310 [<ffffffff805621c0>] hcd_buffer_alloc+0x50/0x90 [<ffffffff805547fd>] usb_buffer_alloc+0x2d/0x40 [<ffffffffa0056763>] uvc_alloc_urb_buffers+0x53/0xf0 [uvcvideo] [<ffffffffa0056958>] uvc_init_video+0x158/0x3e0 [uvcvideo] [<ffffffffa0056c17>] uvc_video_enable+0x37/0x80 [uvcvideo] [<ffffffffa0055853>] uvc_v4l2_do_ioctl+0x723/0x1260 [uvcvideo] [<ffffffff8026dd61>] ? trace_hardirqs_off_caller+0x21/0xc0 [<ffffffff8026dd61>] ? trace_hardirqs_off_caller+0x21/0xc0 [<ffffffffa0032c9f>] video_usercopy+0x19f/0x390 [videodev] [<ffffffffa0055130>] ? uvc_v4l2_do_ioctl+0x0/0x1260 [uvcvideo] [<ffffffff8026d0ce>] ? put_lock_stats+0xe/0x30 [<ffffffffa0054dad>] uvc_v4l2_ioctl+0x4d/0x80 [uvcvideo] [<ffffffffa0045083>] native_ioctl+0x83/0x90 [compat_ioctl32] [<ffffffffa004534e>] v4l_compat_ioctl32+0x2be/0x1da4 [compat_ioctl32] [<ffffffff806aad21>] ? do_page_fault+0x3d1/0xae0 [<ffffffff80270ccd>] ? trace_hardirqs_on+0xd/0x10 [<ffffffff80270c59>] ? trace_hardirqs_on_caller+0x149/0x1b0 [<ffffffff80270ccd>] ? trace_hardirqs_on+0xd/0x10 [<ffffffff80329afa>] compat_sys_ioctl+0x8a/0x3c0 [<ffffffff806a700d>] ? trace_hardirqs_off_thunk+0x3a/0x3c [<ffffffff8022f816>] sysenter_dispatch+0x7/0x2c [<ffffffff806a6fce>] ? trace_hardirqs_on_thunk+0x3a/0x3f Mem-Info: Node 0 DMA per-cpu: CPU 0: hi: 0, btch: 1 usd: 0 CPU 1: hi: 0, btch: 1 usd: 0 Node 0 DMA32 per-cpu: CPU 0: hi: 186, btch: 31 usd: 3 CPU 1: hi: 186, btch: 31 usd: 0 Node 0 Normal per-cpu: CPU 0: hi: 186, btch: 31 usd: 23 CPU 1: hi: 186, btch: 31 usd: 179 Active:78545 inactive:48683 dirty:31 writeback:0 unstable:2 free:830202 slab:17516 mapped:17473 pagetables:3496 bounce:0 Node 0 DMA free:36kB min:28kB low:32kB high:40kB active:0kB inactive:0kB present:15156kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 3207 3956 3956 Node 0 DMA32 free:3197192kB min:6512kB low:8140kB high:9768kB active:0kB inactive:0kB present:3284896kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 0 748 748 Node 0 Normal free:123580kB min:1516kB low:1892kB high:2272kB active:314180kB inactive:194732kB present:766464kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 0 0 0 Node 0 DMA: 1*4kB 0*8kB 0*16kB 1*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 36kB Node 0 DMA32: 4*4kB 3*8kB 2*16kB 3*32kB 4*64kB 5*128kB 3*256kB 5*512kB 4*1024kB 5*2048kB 776*4096kB = 3197224kB Node 0 Normal: 14*4kB 14*8kB 8*16kB 6*32kB 1*64kB 3*128kB 3*256kB 2*512kB 4*1024kB 1*2048kB 28*4096kB = 123560kB 64847 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 502752kB Total swap = 502752kB 1048576 pages RAM 52120 pages reserved 71967 pages shared 143004 pages non-shared --- [2] BUG: unable to handle kernel NULL pointer dereference at 00000000000002c8 IP: [<ffffffff8046c84c>] map_single+0x1c/0x280 PGD 10e54e067 PUD 10e595067 PMD 0 Oops: 0000 [1] PREEMPT SMP DEBUG_PAGEALLOC CPU 0 Modules linked in: kvm_intel kvm microcode uvcvideo compat_ioctl32 videodev v4l1_compat shpchp pci_hotplug Pid: 5895, comm: skype Not tainted 2.6.27-rc6-235c-debug #1 RIP: 0010:[<ffffffff8046c84c>] [<ffffffff8046c84c>] map_single+0x1c/0x280 RSP: 0018:ffff88010e78d988 EFLAGS: 00210296 RAX: 0000780000000000 RBX: 0000000000000000 RCX: 0000000000000002 RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff88010e78d9e8 R08: 0000000000000000 R09: 0000000000000001 R10: ffff88010e78d698 R11: 0000000000000001 R12: 0000000000000002 R13: 0000000000000000 R14: 0000000000005000 R15: ffff88012f1c9968 FS: 0000000000000000(0000) GS:ffffffff80a6cdc0(0063) knlGS:00000000f6355b90 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 00000000000002c8 CR3: 000000010e57d000 CR4: 00000000000026e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process skype (pid: 5895, threadinfo ffff88010e78c000, task ffff88012b9cc460) Stack: 0000000200000000 0000000000005000 0000000000000000 0000000000000000 00000000000017b8 0000000000000000 ffff88010e78d9c8 0000000000000000 0000000000000002 0000000000000000 0000000000005000 ffff88012f1c9968 Call Trace: [<ffffffff8046cbb0>] swiotlb_map_single_attrs+0x60/0xf0 [<ffffffff8046cc4c>] swiotlb_map_single+0xc/0x10 [<ffffffff8046cdee>] swiotlb_alloc_coherent+0xfe/0x180 [<ffffffff80212731>] dma_alloc_coherent+0x281/0x310 [<ffffffff805621c0>] hcd_buffer_alloc+0x50/0x90 [<ffffffff805547fd>] usb_buffer_alloc+0x2d/0x40 [<ffffffffa0056763>] uvc_alloc_urb_buffers+0x53/0xf0 [uvcvideo] [<ffffffffa0056958>] uvc_init_video+0x158/0x3e0 [uvcvideo] [<ffffffffa0056c17>] uvc_video_enable+0x37/0x80 [uvcvideo] [<ffffffffa0055853>] uvc_v4l2_do_ioctl+0x723/0x1260 [uvcvideo] [<ffffffff8026dd61>] ? trace_hardirqs_off_caller+0x21/0xc0 [<ffffffff8026dd61>] ? trace_hardirqs_off_caller+0x21/0xc0 [<ffffffffa0032c9f>] video_usercopy+0x19f/0x390 [videodev] [<ffffffffa0055130>] ? uvc_v4l2_do_ioctl+0x0/0x1260 [uvcvideo] [<ffffffff8026d0ce>] ? put_lock_stats+0xe/0x30 [<ffffffffa0054dad>] uvc_v4l2_ioctl+0x4d/0x80 [uvcvideo] [<ffffffffa0045083>] native_ioctl+0x83/0x90 [compat_ioctl32] [<ffffffffa004534e>] v4l_compat_ioctl32+0x2be/0x1da4 [compat_ioctl32] [<ffffffff806aad21>] ? do_page_fault+0x3d1/0xae0 [<ffffffff80270ccd>] ? trace_hardirqs_on+0xd/0x10 [<ffffffff80270c59>] ? trace_hardirqs_on_caller+0x149/0x1b0 [<ffffffff80270ccd>] ? trace_hardirqs_on+0xd/0x10 [<ffffffff80329afa>] compat_sys_ioctl+0x8a/0x3c0 [<ffffffff806a700d>] ? trace_hardirqs_off_thunk+0x3a/0x3c [<ffffffff8022f816>] sysenter_dispatch+0x7/0x2c [<ffffffff806a6fce>] ? trace_hardirqs_on_thunk+0x3a/0x3f Code: 45 31 c0 48 89 e5 e8 a4 ff ff ff c9 c3 66 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 38 48 89 75 b0 48 89 55 a8 89 4d a4 <48> 8b 87 c8 02 00 00 48 85 c0 0f 84 1c 02 00 00 48 8b 58 08 48 RIP [<ffffffff8046c84c>] map_single+0x1c/0x280 RSP <ffff88010e78d988> CR2: 00000000000002c8 ---[ end trace 5d15baeeb7025a0e ]--- --- [3] ffffffff8046c830 <map_single>: map_single(): /store/kernel/linux/lib/swiotlb.c:291 ffffffff8046c830: 55 push %rbp ffffffff8046c831: 48 89 e5 mov %rsp,%rbp ffffffff8046c834: 41 57 push %r15 ffffffff8046c836: 41 56 push %r14 ffffffff8046c838: 41 55 push %r13 ffffffff8046c83a: 41 54 push %r12 ffffffff8046c83c: 53 push %rbx ffffffff8046c83d: 48 83 ec 38 sub $0x38,%rsp ffffffff8046c841: 48 89 75 b0 mov %rsi,-0x50(%rbp) ffffffff8046c845: 48 89 55 a8 mov %rdx,-0x58(%rbp) ffffffff8046c849: 89 4d a4 mov %ecx,-0x5c(%rbp) dma_get_seg_boundary(): /store/kernel/linux/include/linux/dma-mapping.h:80 ffffffff8046c84c: 48 8b 87 c8 02 00 00 mov 0x2c8(%rdi),%rax <---- --- [4] Signed-off-by: Daniel J Blueman <daniel.blueman@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-09-10add deprecated ide-scsi to feature-removal-schedule.txtFUJITA Tomonori
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2008-09-10ide: Fix pointer arithmetic in hpt3xx driver code (3rd try)Masoud Sharbiani
git commit 74811f355f4f69a187fa74892dcf2a684b84ce99 causes crash at module load (or boot) time on my machine with a hpt374 controller. The reason for this is that for initializing second controller which sets (hwif->dev == host->dev[1]) to true (1), adds 1 to a void ptr, which advances it by one byte instead of advancing it by sizeof(hpt_info) bytes. Because of this, all initialization functions get corrupted data in info variable which causes a crash at boot time. This patch fixes that and makes my machine boot again. The card itself is a HPT374 raid conroller: Here is the lspci -v output: 03:06.0 RAID bus controller: HighPoint Technologies, Inc. HPT374 (rev 07) Subsystem: HighPoint Technologies, Inc. Unknown device 0001 Flags: bus master, 66MHz, medium devsel, latency 120, IRQ 28 I/O ports at 8000 [size=8] I/O ports at 7800 [size=4] I/O ports at 7400 [size=8] I/O ports at 7000 [size=4] I/O ports at 6800 [size=256] Expansion ROM at fe8e0000 [disabled] [size=128K] Capabilities: [60] Power Management version 2 03:06.1 RAID bus controller: HighPoint Technologies, Inc. HPT374 (rev 07) Subsystem: HighPoint Technologies, Inc. Unknown device 0001 Flags: bus master, 66MHz, medium devsel, latency 120, IRQ 28 I/O ports at 9800 [size=8] I/O ports at 9400 [size=4] I/O ports at 9000 [size=8] I/O ports at 8800 [size=4] I/O ports at 8400 [size=256] Capabilities: [60] Power Management version 2 Signed-off-by: Masoud Sharbiani <masouds@google.com> Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com> Cc: Andrew Morton <akpm@linux-foundation.org> [bart: use dev_get_drvdata() per Sergei's suggestion] Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2008-09-10[IA64] prevent ia64 from invoking irq handlers on offline CPUsPaul E. McKenney
Make ia64 refrain from clearing a given to-be-offlined CPU's bit in the cpu_online_mask until it has processed pending irqs. This change prevents other CPUs from being blindsided by an apparently offline CPU nevertheless changing globally visible state. Also remove the existing redundant cpu_clear(cpu, cpu_online_map). Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
2008-09-10[IA64] arch/ia64/sn/pci/tioca_provider.c: introduce missing kfreeJulia Lawall
Error handling code following a kmalloc should free the allocated data. Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: Tony Luck <tony.luck@intel.com>
2008-09-10[IA64] fix up bte.hRobin Holt
bte.h expects a #define of L1_CACHE_MASK which is currently only in bte.c. This small patch gets bte.h to include cleanly and makes BTE_UNALIGNED_COPY not report errors. Signed-off-by: Robin Holt <holt@sgi.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
2008-09-10[IA64] fix compile failure with non modular buildsJames Bottomley
Broke the non modular builds by moving an essential function into modules.c. Fix this by moving it out again and into asm/sections.h as an inline. To do this, the definitions of struct fdesc and struct got_val have been lifted out of modules.c and put in asm/elf.h where they belong. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
2008-09-10ocfs2: Fix a bug in direct IO read.Tao Ma
ocfs2 will become read-only if we try to read the bytes which pass the end of i_size. This can be easily reproduced by following steps: 1. mkfs a ocfs2 volume with bs=4k cs=4k and nosparse. 2. create a small file(say less than 100 bytes) and we will create the file which is allocated 1 cluster. 3. read 8196 bytes from the kernel using O_DIRECT which exceeds the limit. 4. The ocfs2 volume becomes read-only and dmesg shows: OCFS2: ERROR (device sda13): ocfs2_direct_IO_get_blocks: Inode 66010 has a hole at block 1 File system is now read-only due to the potential of on-disk corruption. Please run fsck.ocfs2 once the file system is unmounted. So suppress the ERROR message. Signed-off-by: Tao Ma <tao.ma@oracle.com> Signed-off-by: Mark Fasheh <mfasheh@suse.com>
2008-09-09Linux 2.6.27-rc6Linus Torvalds
2008-09-09Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: ipv6: Fix OOPS in ip6_dst_lookup_tail(). ipsec: Restore larval states and socket policies in dump [Bluetooth] Reject L2CAP connections on an insecure ACL link [Bluetooth] Enforce correct authentication requirements [Bluetooth] Fix reference counting during ACL config stage
2008-09-09Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6Linus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6: sparc64: Disable timer interrupts in fixup_irqs().
2008-09-09ipv6: Fix OOPS in ip6_dst_lookup_tail().Neil Horman
This fixes kernel bugzilla 11469: "TUN with 1024 neighbours: ip6_dst_lookup_tail NULL crash" dst->neighbour is not necessarily hooked up at this point in the processing path, so blindly dereferencing it is the wrong thing to do. This NULL check exists in other similar paths and this case was just an oversight. Also fix the completely wrong and confusing indentation here while we're at it. Based upon a patch by Evgeniy Polyakov. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-09-09Merge branch 'timers-fixes-for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: clockevents: remove WARN_ON which was used to gather information
2008-09-09clockevents: remove WARN_ON which was used to gather informationThomas Gleixner
The issue of the endless reprogramming loop due to a too small min_delta_ns was fixed with the previous updates of the clock events code, but we had no information about the spread of this problem. I added a WARN_ON to get automated information via kerneloops.org and to get some direct reports, which allowed me to analyse the affected machines. The WARN_ON has served its purpose and would be annoying for a release kernel. Remove it and just keep the information about the increase of the min_delta_ns value. Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2008-09-09Merge branch 'x86-fixes-for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: x86: fix memmap=exactmap boot argument x86: disable static NOPLs on 32 bits xen: fix 2.6.27-rc5 xen balloon driver warnings
2008-09-09x86: fix memmap=exactmap boot argumentPrarit Bhargava
When using kdump modifying the e820 map is yielding strange results. For example starting with BIOS-provided physical RAM map: BIOS-e820: 0000000000000100 - 0000000000093400 (usable) BIOS-e820: 0000000000093400 - 00000000000a0000 (reserved) BIOS-e820: 0000000000100000 - 000000003fee0000 (usable) BIOS-e820: 000000003fee0000 - 000000003fef3000 (ACPI data) BIOS-e820: 000000003fef3000 - 000000003ff80000 (ACPI NVS) BIOS-e820: 000000003ff80000 - 0000000040000000 (reserved) BIOS-e820: 00000000e0000000 - 00000000f0000000 (reserved) BIOS-e820: 00000000fec00000 - 00000000fec10000 (reserved) BIOS-e820: 00000000fee00000 - 00000000fee01000 (reserved) BIOS-e820: 00000000ff000000 - 0000000100000000 (reserved) and booting with args memmap=exactmap memmap=640K@0K memmap=5228K@16384K memmap=125188K@22252K memmap=76K#1047424K memmap=564K#1047500K resulted in: user-defined physical RAM map: user: 0000000000000000 - 0000000000093400 (usable) user: 0000000000093400 - 00000000000a0000 (reserved) user: 0000000000100000 - 000000003fee0000 (usable) user: 000000003fee0000 - 000000003fef3000 (ACPI data) user: 000000003fef3000 - 000000003ff80000 (ACPI NVS) user: 000000003ff80000 - 0000000040000000 (reserved) user: 00000000e0000000 - 00000000f0000000 (reserved) user: 00000000fec00000 - 00000000fec10000 (reserved) user: 00000000fee00000 - 00000000fee01000 (reserved) user: 00000000ff000000 - 0000000100000000 (reserved) But should have resulted in: user-defined physical RAM map: user: 0000000000000000 - 00000000000a0000 (usable) user: 0000000001000000 - 000000000151b000 (usable) user: 00000000015bb000 - 0000000008ffc000 (usable) user: 000000003fee0000 - 000000003ff80000 (ACPI data) This is happening because of an improper usage of strcmp() in the e820 parsing code. The strcmp() always returns !0 and never resets the value for e820.nr_map and returns an incorrect user-defined map. This patch fixes the problem. Signed-off-by: Prarit Bhargava <prarit@redhat.com> Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-09-09Merge branch 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6Linus Torvalds
* 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6: [S390] cio: allow offline processing for disconnected devices [S390] cio: handle ssch() return codes correctly. [S390] cio: Correct cleanup on error. [S390] CVE-2008-1514: prevent ptrace padding area read/write in 31-bit mode
2008-09-09Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linusLinus Torvalds
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus: [MIPS] IP22: Fix detection of second HPC3 on Challenge S
2008-09-09Merge branch 'linux-next' of git://git.infradead.org/~dedekind/ubifs-2.6Linus Torvalds
* 'linux-next' of git://git.infradead.org/~dedekind/ubifs-2.6: UBIFS: make minimum fanout 3 UBIFS: fix division by zero UBIFS: amend f_fsid UBIFS: fill f_fsid UBIFS: improve statfs reporting even more UBIFS: introduce LEB overhead UBIFS: add forgotten gc_idx_lebs component UBIFS: fix assertion UBIFS: improve statfs reporting UBIFS: remove incorrect index space check UBIFS: push empty flash hack down UBIFS: do not update min_idx_lebs in stafs UBIFS: allow for racing between GC and TNC UBIFS: always read hashed-key nodes under TNC mutex UBIFS: fix zero-length truncations
2008-09-09lib: Correct printk %pF to work on all architecturesJames Bottomley
It was introduced by "vsprintf: add support for '%pS' and '%pF' pointer formats" in commit 0fe1ef24f7bd0020f29ffe287dfdb9ead33ca0b2. However, the current way its coded doesn't work on parisc64. For two reasons: 1) parisc isn't in the #ifdef and 2) parisc has a different format for function descriptors Make dereference_function_descriptor() more accommodating by allowing architecture overrides. I put the three overrides (for parisc64, ppc64 and ia64) in arch/kernel/module.c because that's where the kernel internal linker which knows how to deal with function descriptors sits. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Acked-by: Tony Luck <tony.luck@intel.com> Acked-by: Kyle McMartin <kyle@mcmartin.ca> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-09-09MAINTAINERS: add Atheros maintainer for atlxChris Snook
Jie Yang at Atheros is getting more directly involved with upstream work on the atl* drivers. This patch changes the ATL1 entry to ATLX (atl2 support posted to netdev today) and adds him as a maintainer. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-09-09update Documentation/filesystems/Locking for 2.6.27 changesChristoph Hellwig
In the 2.6.27 circle ->fasync lost the BKL, and the last remaining ->open variant that takes the BKL is also gone. ->get_sb and ->kill_sb didn't have BKL forever, so updated the entries while we're at that. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-09-09ipsec: Restore larval states and socket policies in dumpHerbert Xu
The commit commit 4c563f7669c10a12354b72b518c2287ffc6ebfb3 ("[XFRM]: Speed up xfrm_policy and xfrm_state walking") inadvertently removed larval states and socket policies from netlink dumps. This patch restores them. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-09-09[S390] cio: allow offline processing for disconnected devicesPeter Oberparleiter
When disconnected ccw devices are removed, the device has to be set offline, otherwise there will be side effects including a reference count imbalance. This patch modifies ccw_device_offline to work for devices in disconnecte/not operational state. ccw_device_offline is called by cio for devices which are online during device removal. Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2008-09-09[S390] cio: handle ssch() return codes correctly.Cornelia Huck
ssch() has two classes of return codes: - condition codes (0-3) which need to be translated to Linux error codes - Linux error codes (-EIO on exceptions) which should be passed to the caller (instead of erronously being handled like condition code 3) Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2008-09-09[S390] cio: Correct cleanup on error.Cornelia Huck
Fix cleanup on error in chp_new() and init_channel_subsystem() (must not call kfree() on structures that had been registered). Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2008-09-09[S390] CVE-2008-1514: prevent ptrace padding area read/write in 31-bit modeJarod Wilson
When running a 31-bit ptrace, on either an s390 or s390x kernel, reads and writes into a padding area in struct user_regs_struct32 will result in a kernel panic. This is also known as CVE-2008-1514. Test case available here: http://sources.redhat.com/cgi-bin/cvsweb.cgi/~checkout~/tests/ptrace-tests/tests/user-area-padding.c?cvsroot=systemtap Steps to reproduce: 1) wget the above 2) gcc -o user-area-padding-31bit user-area-padding.c -Wall -ggdb2 -D_GNU_SOURCE -m31 3) ./user-area-padding-31bit <panic> Test status ----------- Without patch, both s390 and s390x kernels panic. With patch, the test case, as well as the gdb testsuite, pass without incident, padding area reads returning zero, writes ignored. Nb: original version returned -EINVAL on write attempts, which broke the gdb test and made the test case slightly unhappy, Jan Kratochvil suggested the change to return 0 on write attempts. Signed-off-by: Jarod Wilson <jarod@redhat.com> Tested-by: Jan Kratochvil <jan.kratochvil@redhat.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2008-09-09Merge branch 'master' of ↵David S. Miller
git://git.kernel.org/pub/scm/linux/kernel/git/holtmann/bluetooth-2.6
2008-09-09[Bluetooth] Reject L2CAP connections on an insecure ACL linkMarcel Holtmann
The Security Mode 4 of the Bluetooth 2.1 specification has strict authentication and encryption requirements. It is the initiators job to create a secure ACL link. However in case of malicious devices, the acceptor has to make sure that the ACL is encrypted before allowing any kind of L2CAP connection. The only exception here is the PSM 1 for the service discovery protocol, because that is allowed to run on an insecure ACL link. Previously it was enough to reject a L2CAP connection during the connection setup phase, but with Bluetooth 2.1 it is forbidden to do any L2CAP protocol exchange on an insecure link (except SDP). The new hci_conn_check_link_mode() function can be used to check the integrity of an ACL link. This functions also takes care of the cases where Security Mode 4 is disabled or one of the devices is based on an older specification. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2008-09-09[Bluetooth] Enforce correct authentication requirementsMarcel Holtmann
With the introduction of Security Mode 4 and Simple Pairing from the Bluetooth 2.1 specification it became mandatory that the initiator requires authentication and encryption before any L2CAP channel can be established. The only exception here is PSM 1 for the service discovery protocol (SDP). It is meant to be used without any encryption since it contains only public information. This is how Bluetooth 2.0 and before handle connections on PSM 1. For Bluetooth 2.1 devices the pairing procedure differentiates between no bonding, general bonding and dedicated bonding. The L2CAP layer wrongly uses always general bonding when creating new connections, but it should not do this for SDP connections. In this case the authentication requirement should be no bonding and the just-works model should be used, but in case of non-SDP connection it is required to use general bonding. If the new connection requires man-in-the-middle (MITM) protection, it also first wrongly creates an unauthenticated link key and then later on requests an upgrade to an authenticated link key to provide full MITM protection. With Simple Pairing the link key generation is an expensive operation (compared to Bluetooth 2.0 and before) and doing this twice during a connection setup causes a noticeable delay when establishing a new connection. This should be avoided to not regress from the expected Bluetooth 2.0 connection times. The authentication requirements are known up-front and so enforce them. To fulfill these requirements the hci_connect() function has been extended with an authentication requirement parameter that will be stored inside the connection information and can be retrieved by userspace at any time. This allows the correct IO capabilities exchange and results in the expected behavior. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2008-09-09[Bluetooth] Fix reference counting during ACL config stageMarcel Holtmann
The ACL config stage keeps holding a reference count on incoming connections when requesting the extended features. This results in keeping an ACL link up without any users. The problem here is that the Bluetooth specification doesn't define an ownership of the ACL link and thus it can happen that the implementation on the initiator side doesn't care about disconnecting unused links. In this case the acceptor needs to take care of this. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2008-09-08sparc64: Disable timer interrupts in fixup_irqs().David S. Miller
When a CPU is offlined, we leave the timer interrupts disabled because fixup_irqs() does not explicitly take care of that case. Fix this by invoking tick_ops->disable_irq(). Based upon analysis done by Paul E. McKenney. Signed-off-by: David S. Miller <davem@davemloft.net>
2008-09-08Merge branch 'master' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/hskinnemoen/avr32-2.6 * 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/hskinnemoen/avr32-2.6: avr32: pm_standby low-power ram bug fix avr32: Fix lockup after Java stack underflow in user mode
2008-09-08Merge branch 'merge' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc * 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc: powerpc: Fix rare boot build breakage powerpc/spufs: Fix possible scheduling of a context to multiple SPEs powerpc/spufs: Fix race for a free SPU powerpc/spufs: Fix multiple get_spu_context()